76 lines
2.1 KiB
Markdown
76 lines
2.1 KiB
Markdown
# ops-deployment
|
|
|
|
This repository contains declarative Kubernetes configurations (deployments, services, persistent volumes) for all application services. Changes are automatically synchronized to the cluster by Flux.
|
|
|
|
## Structure
|
|
|
|
Each service directory contains:
|
|
- `deployment.yaml` - Pod specifications, container images, environment variables, volume mounts
|
|
- `service.yaml` - Service exposure (ClusterIP, NodePort)
|
|
- Additional resources as needed (PVCs, ConfigMaps, etc.)
|
|
|
|
## Workflow
|
|
|
|
1. **CI/CD Pipeline**: Build process generates new container image
|
|
2. **Automatic Update**: Pipeline commits updated image tag to this repository
|
|
3. **Flux Synchronization**: Flux detects changes and applies to cluster
|
|
4. **Rolling Deployment**: Kubernetes performs rolling update
|
|
|
|
## Secrets Management
|
|
|
|
Secrets are managed directly in Kubernetes using `kubectl` or sealed-secrets:
|
|
- Never committed to this repository
|
|
- Mounted as volumes at `/etc/secrets` in containers
|
|
- Referenced via `secretName` in deployment manifests
|
|
|
|
## Persistent Storage
|
|
|
|
Services requiring data persistence (MySQL, RabbitMQ) use PersistentVolumeClaims:
|
|
- Storage classes define volume provisioning
|
|
- Data survives pod restarts and redeployments
|
|
- Backups handled separately
|
|
|
|
## Example Service
|
|
|
|
```yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: backend-push-notifications
|
|
namespace: app-notifications
|
|
spec:
|
|
replicas: 1
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: backend-push-notifications
|
|
image: ghcr.io/user/service:2
|
|
ports:
|
|
- containerPort: 9000
|
|
volumeMounts:
|
|
- name: secrets
|
|
mountPath: /etc/secrets
|
|
readOnly: true
|
|
volumes:
|
|
- name: secrets
|
|
secret:
|
|
secretName: backend-push-notifications
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: backend-push-notifications
|
|
spec:
|
|
selector:
|
|
app: backend-push-notifications
|
|
ports:
|
|
- port: 9000
|
|
targetPort: 9000
|
|
nodePort: 30904
|
|
type: NodePort
|
|
```
|
|
|
|
## Monitoring
|
|
|
|
Services expose Prometheus metrics endpoints where applicable, on port 9000 and exposed via NodePort.
|